I have a system that allows users to download some files; the user needs to log in first and is then authorized or not to download. The download page is Download.aspx?FileId=42 and the code within this page opens the file and keeps sending small chunks to the user. We did this because we needed to guarantee that only authorized users could download.

We recently moved this system to IIS7 and it is working properly, but I don't like the idea of having custom C# code sending the chunks to the client, so I would like to know if there is a way that, when a request to file.zip is made, custom code is executed to authorize it or not, and if it is authorized, I just tell IIS7 to proceed with the download instead of running the code inside Download.aspx.

Is this possible?

Thanks!

A: 

Do a redirect to the zip file. Hide the zip file in an obscure location with non-regular naming. "Security through obscurity."

Daniel A. White
The problem with this is that no matter what you do, using HttpWatch for instance lets the user know the location of the zip file.
True, but if it's non-standard naming, then people could not find the other ones.
Daniel A. White
This would be the last option... thanks for your help!
What an incredibly bad idea; redirects are easily visible.
blowdart
A: 

IIS7 has authorization that uses Forms or Windows authentication for all file types, if it's running in integrated pipeline mode. The syntax is just like that for ASP.NET applications, but it's in a different place in web.config, <system.web>. The rules can also be added using the IIS7 admin interface. There are a couple of differences: IIS7 URL authorization evaluates rules from the parent down, and deny rules take precedence.

blowdart
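As an added example (editor's illustration, not part of blowdart's answer or the asker's project), here is a web.config that applies the setup described above to a folder of static downloads. Assumptions: the files live in a folder named `files`, the site uses Forms authentication with a login page at `~/Login.aspx`, and users allowed to download are members of a role named `Downloaders`. IIS7's own URL authorization rules sit under `<system.webServer><security><authorization>`, and because the FormsAuthentication module is managed code it must be allowed to run for static requests too, otherwise IIS sees every request for a .zip as anonymous and the rules are evaluated against the wrong identity.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- ASP.NET issues the forms ticket; Login.aspx sits outside the
         protected folder so anonymous users can reach it. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" name=".AUTH" requireSSL="true" />
    </authentication>
    <!-- Roles are needed for the role-based rule below (provider assumed
         to be configured elsewhere). -->
    <roleManager enabled="true" />
  </system.web>

  <system.webServer>
    <!-- Integrated pipeline: run the managed modules (FormsAuthentication
         in particular) for every request, including static .zip files,
         not only for requests that reach a managed handler. -->
    <modules runAllManagedModulesForAllRequests="true" />
  </system.webServer>

  <!-- Protected download folder (assumed name "files"). IIS evaluates the
       inherited rules from applicationHost.config first, so the default
       "Allow everyone" rule is removed here; Deny wins over Allow, so the
       anonymous user ("?") is rejected even though a matching Allow follows. -->
  <location path="files">
    <system.webServer>
      <security>
        <authorization>
          <remove users="*" roles="" verbs="" />
          <add accessType="Deny" users="?" />
          <add accessType="Allow" roles="Downloaders" />
        </authorization>
      </security>
    </system.webServer>
  </location>
</configuration>
```

With this in place IIS's static file handler serves `files/report.zip` itself (ranges, caching and kernel-mode sending included) and the Download.aspx loop is no longer needed. Two checks are worth doing: an unauthenticated `curl -I https://host/files/report.zip` should come back as a redirect to the login page (or 401 if the 401 is not rewritten), and an authenticated user who is not in `Downloaders` should receive 401, which confirms the inherited Allow-all rule really was removed. The caveat is that URL authorization decides on path plus user or role only; the per-file check the original Download.aspx performed ("is this user allowed FileId 42") cannot be expressed unless the permission model maps onto folders and roles, so a finer-grained scheme still needs code in the pipeline to make the decision.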